Design and Implementation of an SSL VPN Network Based on USBkey Authentication
Published: 2018-12-27 09:03
[Abstract]: As information networking deepens and the Internet keeps expanding, enterprises' need for secure remote access is becoming increasingly prominent, and their existing private networks can no longer meet it well. A traditional VPN solution requires extensive changes to the existing network, which costs both time and money. SSL VPN is a mature network technology with good compatibility: it can be smoothly extended alongside SSL VPN networks the enterprise already has or is about to build, without large-scale changes or complex development work. It is also easy to deploy, simple to use, highly extensible and cheap to maintain, and it is particularly well suited to remote working and to connecting dispersed branch offices. In addition, SSL VPN offers stronger control, allowing fine-grained assignment of application permissions, and it transmits data by encapsulating and forwarding it after applying a series of encryption techniques, so from the standpoint of the security of the whole networked office platform it also offers a higher level of security.
To address the need to communicate sensitive data over enterprise private networks, this thesis studies in detail the performance and characteristics of an SSL VPN network based on USBkey authentication, taking the construction of the SSL VPN system of China Power Investment (中电投) Mengdong Energy Company in Tongliao, Inner Mongolia as its example. It introduces the key technologies and underlying theory, including VPN, SSL VPN, USBkey and digital certificates, and describes the system's requirements analysis, network architecture, and the selection and configuration of the main equipment. For mandatory identity authentication, it sets out the concrete process of authenticating users with mature USBkey technology on the common Windows platform. The scheme is low in cost, high in security and easy to use; it greatly improves the reliability and convenience of enterprise user authentication and further strengthens the enterprise's core competitiveness.
This thesis combines SSL VPN technology with USBkey technology. The scheme uses a "zero-client" SSL VPN, so users can reach the enterprise intranet remotely with only a browser. Taking the enterprise's budget and technical capability into account, it uses a mainstream Inspur server to build the enterprise CA center, a Sangfor VPN-2050 gateway to build the SSL VPN network, and the Haikey from Haitai Fangyuan (海泰方圆) as the users' USBkey, providing all-round protection for the enterprise's internal resources and giving users a secure, reliable and efficient remote access environment. The system has now been in production for more than a year, which demonstrates the feasibility of the design.
[Degree-granting institution]: Jilin University
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.1
Article ID: 2392824
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2392824.html